Financial institutions’ anti-money laundering (AML) programs verify, screen, and continually monitor users and transactions to comply with regulations and regulators’ expectations. Technology has always been a helpful tool, but there’s now an increased focus on RegTech solutions.
The pandemic and resulting need to improve remote access spurred some of the shift. According to Deloitte’s 2021 AML/CFT Regtech: Case Studies and Insights, about 90% of retail banks are using or plan to use RegTech to onboard customers remotely.
Advances in computing power and analytics have also increased the usefulness of some RegTech solutions. For instance, artificial intelligence (AI) excels at identifying patterns and anomalies, an essential component of AML transaction monitoring, and graph databases can help organizations identify previously hidden relationships between parties.
There are still some open questions about the regulation of RegTech and how to effectively use AI. But regulatory bodies around the world are supportive of the exploration of RegTech solutions for AML.
How RegTech relates to AML compliance
RegTech broadly describes various solutions related to regulatory compliance in multiple industries and departments. But for AML compliance specifically, RegTech solutions tend to use advanced analytics, such as robotic process automation, machine learning, and natural language processing for:
- Identity verification
- Transaction monitoring
- Record-keeping and report filing
Some RegTech providers are additionally or alternatively focusing on the internal requirements for creating a compliant AML program, including the development of internal AML policies, employee training, and independent testing.
Use cases for RegTech in AML
RegTech solutions can offer measurable benefits to financial institutions that need to comply with Bank Secrecy Act (BSA) and AML requirements.
There are the cost savings from avoiding fines — over $4 billion in AML fines were issued in 2022. Additionally, RegTech can be a differentiator that helps businesses streamline processes to increase conversions and improve the customer experience.
Let’s take a closer look at how organizations can use RegTech within the core components of a know your customer (KYC) program: customer identification, customer due diligence, and ongoing transaction monitoring and risk assessment.
Customer identification program (CIP)
When someone tries to open an account or sign up for your service, your customer identification program (CIP) should kick into gear. To comply with the USA PATRIOT Act, you collect the customer’s name, address, date of birth, and a government-issued identification number, and you need systems that can help you form a reasonable belief that you know the customer's true identity.
RegTech solutions can help organizations use government ID verification or document verification to quickly verify identities and comply with AML regulations, deter fraudsters, and convert good customers.
For example, AML software may be able to analyze uploaded pictures and verify its authenticity, extract data from the document, and compare the extracted data to the information that the person entered on the application.
Flexible RegTech solutions also let you customize and automate much of the process and add additional steps, such as a selfie check or database verification, based on risk signals. And some solutions support the latest electronic identification documents, such as mobile driver’s licenses and e-passports.
Customer due diligence (CDD)
Customer due diligence (CDD) overlaps with CIP in some areas, but goes beyond initial identity verification to include ongoing assessments of money laundering risk. This can include AML screenings against varying types of authoritative databases and lists, such as:
- Office of Foreign Assets Control (OFAC) sanctions lists, Specially Designated Nationals and Blocked Persons (SDN) lists, and Politically Exposed Person (PEP) lists
- Adverse media checks
- Address, email, and phone verifications and risk reports
- Social media reports
- IP address lookups and device fingerprinting
- Behavior analytics
- Internal watchlists
Using RegTech, organizations can quickly make risk-based assessments and proceed with simplified, regular, or enhanced due diligence checks. However, high false positive rates during screenings can eat up resources and create additional work for your manual review teams.
Fortunately, some of the latest RegTech advances can help. For example, with Persona’s Watchlist Portrait Match, you can compare user-submitted photos against Persona’s Watchlist product. We’ve found that when there are names and photos for comparison, we can reduce false positive matches by 99%.
Ongoing transaction monitoring and risk assessment
- Machine-learning models may perform better than traditional analytics models at helping organizations spot unusual outliers or patterns in customer behavior and transaction history.
- Link analysis tools can highlight relationships, helping identify fraudsters and potentially uncovering relationships between individuals, entities, and ultimate beneficial owners (UBOs) that could be important for AML.
- Ongoing reporting requirements, such as currency transaction report (CTR) and suspicious activity report (SAR) filings, are essential for AML compliance. RegTech may be able to identify transactions that require reporting, transfer data to the report, submit the report, and track ongoing reporting requirements to keep financial institutions compliant.
- FinCEN 314a screenings can require organizations to compare the latest FinCEN 314a lists to their users. Based on industry feedback, Persona built a solution that can automatically compare an uploaded list to a user base in minutes, pull matches into a case management flow, and perform follow-ups via third-party integrations.
RegTech can also help organizations automatically create an audit trail by recording every step of the KYC process and ongoing AML-related activity.
Opportunities and challenges of using RegTech for AML
Continuous development within the AML RegTech space has led to important advancements, but they can sometimes be limited in scope or have other drawbacks.
- Technology can help streamline data collection, organization, and analysis to decrease false positives.
- AI-driven models may be better at detecting “unknown unknowns” than human observation, traditional models, and rules-based systems.
- Advances in image analysis, data extraction, and matching technology can also lead to a more customer-friendly onboarding process.
- Implementing new RegTech solutions may require a significant initial investment and ongoing training, especially for organizations that don’t have internal expertise.
- It can be difficult to connect legacy systems with the latest RegTech.
- AI models don’t always outperform rules-based solutions.
- AI-driven models also might not have transparent or explainable processes, which could be an issue for regulators.
- Data collection and storage needs to comply with privacy and security regulations.
Choosing the right RegTech solutions
RegTech solutions will continue to evolve and reflect technological advances, new regulations, access to additional data sources, and changes in consumer preferences, such as the adoption of digital identities.
Assessing the effectiveness, cost, and features of various solutions — and how they integrate with your existing platforms — is important when comparing RegTech. We’ve created an in-depth guide to evaluating identity verification solutions that can offer helpful insights.
We’re also continuing to invest in our global, customizable, and scalable AML platform. You can pick and choose from select solutions to enhance your existing platform, or use Persona as a core platform that integrates information and functionality from your existing in-house and third-party solutions into a single dashboard.